Bug 703238 - (CVE-2011-4355) CVE-2011-4355 gdb: object file .debug_gdb_scripts section improper input validation
CVE-2011-4355 gdb: object file .debug_gdb_scripts section improper input vali...
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On: 756114 756116 756117 813775
Blocks: 734546 855229
  Show dependency treegraph
Reported: 2011-05-09 13:15 EDT by Vincent Danen
Modified: 2016-03-04 06:01 EST (History)
10 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 813775 (view as bug list)
Last Closed: 2013-02-21 04:11:15 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Vincent Danen 2011-05-09 13:15:32 EDT
It was discovered [1],[2] the the GNU Debugger (gdb) would load untrusted files from the current working directory when .debug_gdb_scripts was defined.  While this was a design decision, it is an insecure one and users who do not pre-inspect untrusted files may execute arbitrary code with their privileges.

[1] http://sourceware.org/ml/gdb-patches/2011-04/msg00559.html
[2] http://sourceware.org/ml/gdb-patches/2011-05/msg00202.html
Comment 8 Ramon de C Valle 2011-11-22 12:53:46 EST
Created gdb tracking bugs for this issue

Affects: fedora-all [bug 756117]
Comment 23 errata-xmlrpc 2013-02-21 05:51:48 EST
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2013:0522 https://rhn.redhat.com/errata/RHSA-2013-0522.html

Note You need to log in before you can comment on or make changes to this bug.